On the eve of the reported settlement of the Flash cookie litigation by Quantcast and Clearspring, Covington alum Kashmir Hill reports at Forbes about an online practice that could be the next “Flash cookie” among privacy advocates: web history sniffing.
Like other online privacy litigation litigation that we’ve seen this year, the Midstream plaintiffs’ case relies on state consumer protection statutes and the Computer Fraud and Abuse Act, or CFAA — which existed long before both history sniffing and video streaming. Even with the creative license that comes from extending these laws to the Internet, it’s not at all clear that the plaintiffs will be able to succeed.
The gist of the CFAA claim is that Midstream violated federal law by “exceeding the scope of [its] authorization” to access users’ computers. But the plaintiffs may have an uphill climb on this claim because the CFAA generally requires plaintiffs to prove at least $5,000 in damages as a result of the defendant’s actions. While courts and regulators have agreed on their importance of protecting individual privacy, courts have been reluctant to find that disclosure of private information about an individual, by itself, has an economic cost.
As the trend toward privacy regulation increases in the United States, this means that companies that operate websites will need to spend more time assessing what information various parts of their website collect and how they should best communicate that information to users.